- All Exams Instant Download
Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?
During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels. Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?A . Spawn a shell using...
Which of the following would BEST secure the company’s CI/CD pipeline?
A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company’s CI/CD pipeline?A . Utilizing a trusted secrets manager B. Performing DAST on a weekly basis C. Introducing the use of container orchestration D. Deploying instance...
Which of the following solutions would BEST meet these requirements?
A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements: Only users with corporate-owned devices can directly access servers hosted by the cloud provider. The company can control what...
Which of the following is t he NEXT step of the incident response plan?
A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is t he NEXT step of the incident...
Which of the following BEST describes what the administrator should do NEXT?
A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are...
Which of the following is an appropriate security control the company should implement?
A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following: The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:...
Which of the following actions would BEST resolve the issue?
A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)A . Conduct input sanitization. B. Deploy...
Which of the following should the analyst use to create the list quickly?
A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly?A . Business impact rating B. CVE dates...
Which of the following actions should the security analyst propose to prevent this successful exploitation?
A security analyst needs to recommend a remediation to the following threat: Which of the following actions should the security analyst propose to prevent this successful exploitation?A . Patch the system. B. Update the antivirus. C. Install a host-based firewall. D. Enable TLS 1.2.View AnswerAnswer: D
Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?
Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?A . Lattice-based cryptography B. Quantum computing C. Asymmetric cryptography D. Homomorphic encryptionView AnswerAnswer: D Explanation: Reference: https://searchsecurity.techtarget.com/definition/cryptanalysis
